VDB

GCVE-110-MAGEIA-2019-65

GCVE-110-MAGEIA-2019-65
Advisory Published
Vulnetix · Advisory published February 13, 2019
In the marshmallow library before 2.15.1 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only") (CVE-2018-17175).

Affected Products

VendorProductVersionsPlatforms
Mageiamingw-gcc0 (affected), 8.3.0-1.1.mga7 (unaffected)
Mageiapython-marshmallow0 (affected), 2.2.1-0.5.gitea1def9.mga6 (unaffected), 0 (affected), 2.2.1-0.5.gitea1def9.mga6 (unaffected)

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›